ORX News digest of the month – August 2019
- 5 September 2019
Every month the ORX News team publishes a featured digest from the ORX News Service. It's a detailed look at one of the losses reported in the media that month, and is handpicked by the team as one of the most interesting stories.
DSK Bank fined BGN 1 million after third parties access over 33,000 customers’ data
On 28 August, the Bulgarian Commission for Personal Data Protection (CPDP) announced that it had fined DSK Bank BGN 1 million ($567,000) for failing to adequately protect customer information, resulting in unnamed third parties gaining access to over 33,000 customers’ data.
The data was taken from over 23,000 loan files, which also contained the personal information of customers’ related parties, such as relatives, vendors and loan guarantors. It comprised names, personal identification numbers, addresses, scanned copies of ID cards that contained certain biometric data, full tax and income information, bank account numbers and information about property deeds.
DSK Bank had failed to implement appropriate technical and organisational measures and ensure the confidentiality, integrity, availability and sustainability of its personal data administration systems. The CPDP gave no further details about when or how the data breach occurred but the bank said that it had not been the victim of a cyberattack.
ORX News subscribers can read the full story on the ORX News website.